5 matches found
CVE-2022-4674
The Ibtana WordPress plugin before 1.1.8.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...
CVE-2022-4674
The Ibtana WordPress plugin before 1.1.8.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...
CVE-2022-4674 Ibtana – WordPress Website Builder < 1.1.8.8 - Contributor+ Stored XSS via Shortcode
The Ibtana WordPress plugin before 1.1.8.8 does not validate and escape one of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...
CVE-2022-4674
The CVE-2022-4674 entry concerns the Ibtana WordPress Website Builder plugin prior to 1.1.8.8. Affected component: a shortcode attribute in the plugin’s code that is not validated or escaped. Root cause: failure to validate/escape a shortcode attribute, enabling Stored Cross-Site Scripting when a...
WordPress Ibtana Plugin < 1.1.8.8 is vulnerable to Cross Site Scripting (XSS)
Software Ibtana Type Plugin Vulnerable versions 1.1.8.8 Fixed in 1.1.8.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-4674 Patch priority Medium CVSS severity Medium 6.3 Developer Claim ownership PSID e564cfbd3326 Credits Lana Codes Required...